I've had issues with their captchas just not working but not providing that as feedback. Javascript enabled and all.

You can easily reproduce this by using a mainstream browser like Chrome and changing your user agent to e.g. a Firefox one (or the reverse). You'll be hit with captchas everywhere but unlike the cloudflare ones the google ones can at least be resolved.

A Firefox user agent with a Chrome Javascript engine and a Chrome TLS engine is suspicious. Any decent bot prevention mechanism will trigger on that.

I don't have issues passing these blocks in Firefox, though.

from my travel experiences with my laptop

linux + firefox + less developed country ISP = endless captcha loop or straight up ban

I've had that experience in a developed country too, but every time it happened it was because of CGNAT without IPv6 (or some similar setup causing millions of requests to come from a single IP).

But on the other hand, almost all of the requests from less developed countries in my logs seem to be malicious. I've blocked entire countries at times (through iptables, arguably better for privacy but worse for blocked people) when a dumb bot wave made it through the internet. I get why Cloudflare is so eager to ban some ISPs, those ISPs seem to be doing a terrible job protecting the rest of the internet from their hacked or abusive customers.

If you travel is short enough, use Chrome. It works fine for me with Linux+Chrome+LessDevelopedCountryISP. That said, I do understand you are giving up some privacy by using Chrome, instead of Firefox. Can you just use a Chrome user agent, or does Cloudflare fingerprint your browser via JavaScript?

Not just non-mainstream web browsers but also users in certain less developed countries.

Clearly there’s a balance to be had, but Cloudflare’s shadowbans are just mean.

I get locked out occasionally when travelling outside EU as well. I've got to the point I will just avoid using services with CloudFlare in front of them.

Also the one time I reported abuse which was online banking phishing they just replied that they'd informed the upstream provider and nothing happened.

Can confirm. If I click certain links in the Discord Electron client on Windows they work just fine, but in Firefox on Linux I get the DDoS block page, regardless of the internet connection I'm using.

I'm also an unrelated party, it messes with me, Cloudflare is doing it, and I can't opt out.

You are related when you try to access a site. It's just customer service issue. You can't demand that sites allow you in.

   you <---> C <---> site


   you <--X--> C <---> site
          |
         Court order

See the difference.

In the second case, the parties are still related. The websites that are intended to be targeted by the court order are served by Cloudflare, and the operators of the sites that you want to access are also served by Cloudflare. It is like doing business with a bank that also serves sanctioned customers, and now your suppliers cannot get paid.

Can Cloudflare demand that ISPs carry its traffic? Probably, due to net neutrality laws. That's what they are trying to do in court.

Can you demand that websites allow you in? Depends on the site, I can imagine certain kinds of sites, e.g., government websites or public utility websites, being compelled to do this by a court, if they use Cloudflare and block innocent users. But the blocked users will generally not have enough time or money to deal with a lawsuit.

I mean isn't that a feature customers have to turn on?

Most folks do not realize the consequences. Of those who do, a significant fraction thinks that the only people accessing it are from US mainland and use Chrome on Windows.